WHAT IS CLAIMED IS:

1. A cryptographic system in a computer system, the cryptographic system comprising:

a central server;

a remote server;

a database on the central server responsive to signals from the central server, the database
being configured to contain sensitive information;

enterprise credentials stored in the database;

a key repository process on the central server, the key repository process having one or
more master keys for managing information in the database, the key repository process further
configured to access the enterprise credentials and to authenticate authorizations to access the
sensitive information in the database;

an agent on the remote server, the agent acting on behalf of the key repository process on
the central server; and

at least one application on the remote server;

wherein the agent authenticates authorizations of specific applications to access resources
based upon authorizations held and maintained by the key repository process on the central
server.



2. A cryptographic system as in claim 1, wherein the key repository process and the agent
communicate with each other, the communication being authenticated by a shared secret, and
wherein the shared secret is protected by a level of trust equivalent to that with which the shared
secret is protected on central server by the key repository process.

3. A cryptographic system as in claim 2, wherein the level of trust is defined as the number
of individuals required for reconstructing the master key and/or for performing a sensitive
operation.

PATENT APPLICATION DOCKET NO. 20206.35

4. A cryptographic system as in claim 1, wherein the agent in the remote server is an
independent key repository process with a level of trust equivalent to that of the key repository
process in the central server.

5. The cryptographic system of claim 1, wherein at least one master key protects the
sensitive information in the database.

6. The cryptographic system of claim 1, wherein at least one master key provides privacy
protection to the sensitive information.

7. A method used in a cryptographic system for obtaining sensitive information,
comprising:

storing enterprise credentials in a database on a central server, the database being
configured to contain sensitive information;

establishing one or more master keys for managing information in the database by a key
repository process, the key repository process being configured to access the enterprise
credentials;

authenticating, by the key repository process, authorizations to access the sensitive
information in the database;

establishing communications between the key repository process on the central server
and an agent on a remote server, the agent acting on behalf of the key repository process on the
central server; and

authenticating, by the agent, authorizations of specific applications on the remote server
to access resources based upon authorizations held and maintained by the key repository process
on the central server.

8. A method for obtaining cryptographic credentials by an application running on a
computer system, comprising:

providing a computer system having at least one server and a cryptographically protected
database;

instantiating a key repository process on the computer system, the key repository process
being configured with a remote agent interface and/or for interface via a trusted link;

instantiating an application process on the computer system;

conducting, by the application process, a query of the key repository process for
sensitive information, the query being conducted via the remote agent interface or the trusted
link if the application process and the key repository process are located on different servers; and

providing to the application process, by the key repository process, an encrypted file of
the sensitive information, the encrypted file being provided via the remote agent interface or the
trusted link if the application process and the key repository process are located on different
servers.